How does password strength policy work in Plesk?

Comments

9 comments

  • Peter Wise

    Please consider implementing Dropbox's password strength library in future versions of Plesk. https://github.com/dropbox/zxcvbn

    Right now (Plesk Onyx Version 17.8.11) very secure passwords such as applaud-bisque-batch-forefoot won't even pass the "medium" filter, and very bad passwords such as Pa$$word123 are marked "Strong".

    Brute force cracking continues to get more sophisticated and the current strength ratings are misleading.

  • Ivan Postnikov

    Hello @Peter,

    Thank you for sharing your idea. I have created a feature suggestion.

    The top-rated features will be implemented in the next Plesk updates.

  • Renan Genova Ferreira

    Hello, EFTHIMIOS SIDERIS!

    Can you please tell us the OS version you have Plesk installed on?

    Thank you

  • Anton Maslov

    Hello,

    Unfortunately there is nothing we can suggest based on the provided information. Please create a support request to troubleshoot the issue.

  • Xanthorr (Edited)

    Could you please add the hyphen, period and comma - . , characters to the special characters scoring?

    Currently they don't affect the scoring while they are valid and good for creating safe passwords that you can also remember. Some password generators, like the one in iOS/macOS Safari, only support hyphens. So even though it does generate safe passwords they never pass the medium Plesk policy.

  • Northland SysAdmin

    I would like to make a further suggestion. The description of password strength for strong is a little misleading, as someone who puts in all the characters required with the proper length can still be considered Medium strength until some extra characters are added. The description should be a little more accurate regarding that, and I agree that the passwords with long and varied words should also pass for strong, but do not.

    Thank you

  • Ivan Postnikov

    Hello Xanthorr and Northland SysAdmin

    Thank you for the suggestions. Please don't hesitate to share your ideas here: https://plesk.uservoice.com/forums/184549-feature-suggestions

    Suggestions are monitored by RnD and popular ones are implemented.

  • Darko Bazulj

    I would suggest adding an option to set the length of the password in the password policy.
    The difference between strong and very strong is big, and a length of 12 would be optimal.
    Password complexity should stay, but it would be better if we could control the length.

  • EngSoc Sysadmin

    I love how the provided example perfectly demonstrates how bad the password security calculation is. "P@ssw0rd" is a terrible password that would take milliseconds to break, even with a very limited wordlist. However, it scores almost double "vwfwxkgcokkdhrhcyokxzcyczaonmpiquzxpjgrwuhzxraidysqyxgxgkjzplkgbrzqmnbzallilttsquojbwgeaahhafgnoiztbsunkwepydnlsdhpbiknl" does, even though you would expect cracking the latter after the heat death of the universe, if you started working on it right as the Big Bang happened.

    TL;DR: Please adopt a better password security algorithm in future versions or at least let us provide our own (with, say, an option to type in a PHP function that returns a number.)

     
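The scoring inversion reported in the comments above, as an added example that is not part of the original thread and is neither Plesk's algorithm nor zxcvbn. `compositionScore` is a hypothetical character-class scorer and `guessBits` a simplified guess estimate; both names, the substitution table and the five-word list are constructed for illustration.

```javascript
// Added example. Neither function is Plesk's or zxcvbn's code; both are assumptions.
// Constructed mini wordlist standing in for the lists a password auditor would use.
const COMMON = new Set(["password", "letmein", "qwerty", "welcome", "admin"]);
// Common character substitutions, undone before the wordlist lookup.
const LEET = { "@": "a", "4": "a", "$": "s", "5": "s", "0": "o", "1": "l", "3": "e", "!": "i" };

// Hypothetical composition scorer: one point per character class, one for length >= 8.
function compositionScore(pw) {
  const rules = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/, /^.{8,}$/];
  return rules.filter((re) => re.test(pw)).length; // 0..5
}

// Simplified guess estimate in bits (log2 of the candidate count).
function guessBits(pw) {
  if (!pw) return 0;
  const suffix = (pw.match(/[0-9]+$/) || [""])[0];
  const stem = pw.slice(0, pw.length - suffix.length).toLowerCase();
  let swaps = 0;
  const word = stem.replace(/[^a-z]/g, (c) => (c in LEET ? (swaps++, LEET[c]) : c));
  if (COMMON.has(word)) {
    // Wordlist hit: list size x capitalisation (1 bit) x each substitution (1 bit)
    // x every possible digit suffix of that length.
    return Math.log2(COMMON.size) + 1 + swaps + suffix.length * Math.log2(10);
  }
  // No hit: exhaustive search over the classes present. This is an upper bound;
  // a passphrase built from a known word list is weaker than this figure.
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^A-Za-z0-9]/.test(pw)) pool += 33;
  return pw.length * Math.log2(pool);
}

// Passwords quoted in the thread.
for (const pw of ["P@ssw0rd", "Pa$$word123", "applaud-bisque-batch-forefoot"]) {
  console.log(pw, "composition:", compositionScore(pw), "bits:", guessBits(pw).toFixed(1));
}
```

The class-counting scorer ranks the two dictionary-based passwords above the hyphenated passphrase, while the guess estimate orders them the other way round.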
